The threat, detected by Russian anti-virus company Dr. Web, latches itself onto Macs courtesy of fake movie trailer websites. Upon visiting these fraudulent websites, you’ll be asked to install a plug-in needed to play the video, and choosing to do so brings up a prompt asking you to install a program called “Free Twit Tube.” You won’t end up with a benign video player, though; instead, the Trojan worms its way into your browser as a plug-in that displays affiliate ads by embedding codes in every page you visit online.

Yontoo, in particular, shows pages from the Apple Shop, presumably so it could look like a legitimate ad and earn from your purchases. In addition to being disguised as a video player, Yontoo’s creaters have also camouflaged it as a media player, a video quality enhancement program, and a download accelerator. It’s the same old trick used to dupe Windows users, and it’s wise to be just as careful now on your Mac as you probably are on your Windows PC.

Dr. Web didn’t give out a number of infected computers, so it’s unknown whether the threat is widespread. It’s also not known whether the malware can do anything else other than serve you ads, but Trojans are notorious for giving hackers a backdoor entry to your computer. It’s best to protect yourself with a Mac anti-virus program if you’ve yet to do so.